The manner in which this attack was conducted pales in comparison with others like Stuxnet, ShadyRAT, and APT1. It is, however, the first time that a cyber-attack had the potential to affect us in a noticeable manner. A market crash would definitely be felt. The theft of military secrets – unless war was to take place – may not even register to an average citizen.
The Syrian Electronic Army eventually claimed responsibility for the hack. It is highly doubtful that a flash crash of the market was their intent. Disinformation was the likelier choice. This demands a reassessment of the vulnerable situation that the use of, and not the type of, technology has placed us in. While it is highly unlikely that the Syrian Electronic Army has the resources to devastate international financial markets, global instability is still possible by targeting information required for crucial decision-making rather than its underlying systems.
Analysts have suggested that dependence on automated trading systems caused the crash. These systems identify keywords from multiple sources, including Twitter, to garner public sentiment. Analysis of this sentiment is then conducted to execute thousands of trades in a very short period of time. Simplified further, positive news could trigger a buy while negative news triggers a sell. Manipulating information one way or another has the potential to move the world.
Short as this situation may have been; with the market eventually correcting itself, it is by no means an isolated case wherein an information repository or generator could be manipulated. A limited search of information generating and processing systems on the Internet, such as SAP, shows that the United States, for example, has more than 800 uniquely exposed systems that are publicly accessible. Exposed applications on the Internet are nothing new, but when viewed from the perspective of banks, manufacturers, and governments – all of which use SAP to generate, process, and store information for critical decision-making – this becomes an alarming situation. Despite calls from analysts claiming that a direct attack on critical infrastructure would cause paralysis and damage; the same holds true for the information that is generated.
At this point, extreme measures such as distancing ourselves from these technologies would be unrealistic. Global information systems have become overly dependent, if not defined, by them. At the same time, calls for better security controls have been issued year after year with little improvement – if one were to use recent security events as a measure of the state of global information security. What is perhaps needed at this point is a holistic view of security that not only builds walls around critical systems, but also secures the manner in which the information they produce is used.